Inspecting Live Resources
Quick-reference for agents investigating issues across the Cloud Control Plane infrastructure.
Environment Quick Reference
| Env | AWS Account | Region | Default CLI Profile |
|---|---|---|---|
| Staging | 468036072962 | us-east-1 | Default |
| Preprod | 010928202142 | us-east-1 | Requires --profile |
| Prod | 023568249301 | us-east-1 | Requires --profile |
Cloudflare accounts: 3a8e992c9f607dcb3b401878264df92e (dev/staging/preprod), 96d9ae8ad2fe71a3c6ead54f3a775c05 (prod).
Naming Convention
Most AWS resources follow {env_prefix}-{ResourceName}:
- Dev:
dev-{branch}-(e.g.,dev-oliver-EcomIndexSettingsTable) - Staging:
staging- - Preprod:
preprod- - Prod:
prod-
Exception: UsersAccountsTable has no prefix in staging.
End-to-End Flow Guides
Trace a customer action through every service hop, with what to check at each step:
| Flow | Description |
|---|---|
| Search | Search query through proxy → KV → Marqo and back |
| Add Documents | Product sync from Shopify → S3 → SQS → Indexer → Marqo |
| Recommendations | Similar, suggestions, and personalized recommendations |
| Agentic Search | AI search with Gemini, caching, conversations |
| Merchandising | Rules from Admin/Controller → DDB → exporter → KV → search runtime |
| Signup | Registration through Cognito, Stripe, DynamoDB |
| Login | Authentication and API authorization |
| Settings Sync | DynamoDB → settings exporter → Cloudflare KV |
Start Here: Which Component?
| If the issue involves... | Start with |
|---|---|
| Search queries, results, latency | Search Proxy |
| Merchandising rules, pins, boosts, filters, recency | Merchandising |
| AI/conversational search | Agentic Search |
| Product indexing, Shopify sync | Ecommerce |
| Admin dashboard, query configs, forks | Admin |
| User signup, login, accounts, billing | Controller |
| Console web app, monolith API | Control Plane |
Resource Type Guides
How to inspect each type of resource with CLI commands:
| Resource | Guide |
|---|---|
| DynamoDB tables | resources/dynamodb.md |
| DynamoDB access patterns (cheat sheet) | ddb-access-patterns.md |
| Lambda functions | resources/lambda.md |
| API Gateway | resources/api-gateway.md |
| Cloudflare Workers / KV / DO | resources/cloudflare-workers.md |
| CloudWatch (logs, alarms, dashboards) | resources/cloudwatch.md |
| Cognito (user pools, auth) | resources/cognito.md |
| S3 buckets | resources/s3.md |
| SQS queues | resources/sqs.md |
| Secrets Manager | resources/secrets-manager.md |
| ECS / Fargate | resources/ecs.md |
| Elastic Beanstalk | resources/elastic-beanstalk.md |
| WAF | resources/waf.md |
Data Plane Cell Gateways
IAM-authenticated API Gateway endpoints per data plane cell. Config lives in infra/*/config/{env}.json under data_plane_cells.
| Cell | Gateway ID | Account |
|---|---|---|
| S (staging) | n6wwdwmk2m | 468036072962 |
| PP (preprod) | me25xyukr9 | 010928202142 |
| P1 (prod) | m6j1teqnte | 023568249301 |
Invoke with IAM auth:
python3 -c "
import requests, json
from aws_requests_auth.boto_utils import BotoAWSRequestsAuth
host = 'n6wwdwmk2m.execute-api.us-east-1.amazonaws.com'
auth = BotoAWSRequestsAuth(aws_host=host, aws_region='us-east-1', aws_service='execute-api')
resp = requests.post(f'https://{host}/prod/v2/indexes/list', auth=auth,
json={'systemAccountId': 'fnqm9psx'})
print(json.dumps(resp.json(), indent=2))
"
Common Investigation Patterns
"Why is search returning wrong/stale results?"
- Check index settings in DDB: DynamoDB ->
EcomIndexSettingsTable - Check KV cache: Cloudflare Workers
- Check settings exporter: Lambda ->
EcomSettingsExporterLambda - Check search proxy logs: Cloudflare Workers ->
{env}-ecom-api
"Why is indexing stuck?"
- Check indexer jobs: DynamoDB ->
EcomIndexerJobsTable - Check indexer Lambda: Lambda ->
EcomIndexerFunction - Check SQS queue depth: SQS
- Check product data: S3 ->
ecom-product-data-bucket
"Why can't a user sign in?"
- Check Cognito user: Cognito
- Check auth Lambda logs: Lambda ->
ControllerAuthLambda-{env} - Check controller health: Elastic Beanstalk
"Why is the admin dashboard broken?"
- Check admin worker: Cloudflare Workers ->
{env}-admin-api - Check admin Lambda: Lambda ->
AdminLambda - Check API Gateway: API Gateway ->
AdminInternalApi
"Why are alarms firing?"
- Check alarm state: CloudWatch
- Follow the alarm to its source metric/resource
- Check associated Lambda/service logs
Infrastructure Code Locations
| Component | CDK/Pulumi | Config |
|---|---|---|
| Control Plane (Console) | infra/aws/stacks/ | infra/aws/config/ |
| Ecommerce | infra/ecom/stacks/ | infra/ecom/config/ |
| Admin | infra/admin/stacks/ | infra/admin/config/ |
| Controller | infra/controller/stacks/ | infra/controller/configurations/ |
| Cloudflare Workers | components/{worker}/wrangler.toml | Per-env sections in wrangler.toml |